Illi Isabellistes Se Custodes Egregios Praestabant

  • Simon Bischof
  • Joachim Breitner
  • Denis Lohner
  • Gregor Snelting
Chapter

Abstract

We present two new results in machine-checked formalizations of programming languages. (1) Probabilistic Noninterference is a central notion in software security analysis. We present the first Isabelle formalization of low-security observational determinism (“LSOD”), together with a proof that LSOD implies probabilistic noninterference. The formalization of LSOD uses a flow-sensitive definition of low-equivalent traces, which drastically improves precision. (2) We present the first full and machine-checked proof that Launchbury’s well-known semantics of the lazy lambda calculus is correct as well as adequate. The proof catches a bug in Launchbury’s original proof, which was open for many years.

Both results continue the work of the “Quis Custodiet” project at KIT, which aims at machine-checked soundness proofs for complex properties of languages, compilers, and program analysis. We thus include a short overview of earlier “Quis Custodiet” results.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Simon Bischof (1)
  • Joachim Breitner (2)
  • Denis Lohner (1)
  • Gregor Snelting (1)

  1. Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany
  2. DFINITY Stiftung, Zug, Switzerland